[ISN] Combat-Ready Security Tools to Debut

From: mea culpa <jericho_at_dimensional.com>
Date: Tue 06 Oct 1998 - 14:38:58 CDT
Forwarded From: <synthe@ronin.net>

http://www.techweb.com/wire/story/TWB19981002S0019

Combat-Ready Security Tools To Debut

Two security vendors will unveil tools next week that make it easier for
IT managers to identify and thwart attacks on their enterprise networks. 

Axent Technologies and Internet Security Systems separately plan to
introduce products that combine host- and network-based intrusion
detection. The "hybrid" systems automatically detect attacks on networks
and systems and alert IT managers, who can then take appropriate actions. 

As more companies open up corporate networks to the Internet and deploy
intranets and extranets, high-tech burglar alarms such as intrusion
detection systems (IDS) are being used to identify attacks from outsiders
as well as insiders. 

User organizations, however, are installing two types of systems: sniffers
that monitor network packets for IP spoofing and packet flooding attacks,
and log analysis products that monitor PC, server, and firewall logs for
known vulnerabilities. 

Users and analysts said both approaches have their strengths and
weaknesses. However, a combined product would give IT administrators a
more comprehensive view of attacks across the enterprise, they said. 

"A network-based IDS can detect intrusions, but can't [always] determine
if the intrusion is successful, while a host-based system can see
successful intrusions, but might not necessarily see the unsuccessful
attacks," said Hurwitz Group analyst Steve Foote. 

As a result, some users want host and network analysis in an integrated
product. 

"We are interested in an integrated package. [Network and host-based
systems] would have the same look and feel, and reporting could be
coordinated so there is less likelihood of gaps and omissions," said John
Patterson, security officer at Oppenheimer Funds, a $95 million stock
trading company. 

NetProwler is a Windows NT plug-in for Intruder Alert 3.0 that monitors
packets for certain classes of attacks, such as port scanning, Teardrop,
Bonk, LAND, SYN Flood, and Winnuke. 

The software complements Intruder Alert's host-based technology, which
uses intelligent agents to monitor systems, said Robert Clyde, vice
president of Axent's security management unit. 

With the new module, Intruder Alert can monitor audit trails of
distributed systems in real time for suspicious "footprints" on operating
systems, Web servers, firewalls, routers, applications, databases, and
Simple Network Management Protocol traps from other network devices, Axent
said. 

Intruder Alert, which is designed to protect more than 35 major platforms
including Windows NT, NetWare, and Unix, responds to attacks by alerting IT
managers, shutting down systems or terminating sessions. Intruder Alert
users will be able to download NetProwler free of charge from Axent's
website by year end. 

While Axent added network monitoring to its Intruder Alert, ISS extended
the host reach of its RealSecure network monitor. The development project
that was code-named LookOut has borne fruit in the latest version of the
RealSecure software. 

RealSecure 3.1 is a hybrid network and host-based detection system with a
"single management architecture, seamless database, event management, and
reporting functions in one package," said Tom Wood, ISS' manager for
intrusion detection. 

RealSecure is based on a distributed architecture in which real-time
alarms about attacks can be sent back to a central console. The software
consists of a network engine, agent software for host-based detection, and
a management console, Wood said. 

The host-based module runs on NT and will be available next month. ISS
will include agents for Unix-specific attack signatures and Unix system
logs by year end. RealSecure now can detect more than 165 network attacks
and more than 100 system attacks, Wood said. 

-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Tue Oct 6 16:46:16 1998